Welcome. The following steps will help you get ready for any of our workshops as well as provide you a great baseline of tools for your personal lab.
Step 1. Install a Hypervisor
The hypervisor or virtual machine monitor is a software package that allows you to create a virtual machine (VM) on your host device/laptop. Any new virtual machine will be considered a guest machine.
It is recommended to install Virtual Box (Windows, OS X, Linux, or Solaris) or VMWare Fusion (Mac). For some reason, we’ve had several issues with students running VMWare Workstation. You can download a hypervisor from the following locations:
The installation process for both VirtualBox and VMWare fusion are straight forward “push thru” installs. Unless you have a specific folder where you would like to save your virtual machines, you can simply accept all of the default options.
Keep in mind that each new VM will require processing power and memory from the host machine. A standard laptop, even with a minimum of 8 GB of RAM, could still fully power the two VMs needed to help you get started. The newest version of Kali is configured to provide 2 CPUs and 2048 MB of RAM.
Step 2. (Optional) Verify the Kali Linux Download
It is good practice to verify that the downloaded images are authentic and indeed provided by Kali. Each file has a corresponding sha256sum, an example looks like:
Follow the steps in the section titled Download Kali Linux Images Securely located at the bottom of the Kali Downloads page to ensure you have an authentic copy of your downloaded file.
Step 3. Download and Install Kali Linux
Disclaimer: Kali Linux is an operating system for hackers built by hackers. Upon installing Kali, you will be in the possession of hundreds of tools. Please be aware of the power of these tools and improper use of said tools outside of a training environment could lead to serious damage and/or jail time.
You can use pre-configured virtual machines or you can install Kali straight from a .iso file. Be sure to use the images from “Kali Linux VirtualBox Images” if you are using VirtualBox. You can find images and .iso files at the following locations:
For the .iso, it is recommended that you use the Kali Linux 64-bit image
Step 4. Configure the Kali Linux Repositories
Ensure your /etc/apt/sources.list file contains the following lines. You will need them to update your system packages. To view that file type:
[email protected]:~# cat /etc/apt/sources.list
Ensure the file contains the following lines:
deb http://http.kali.org/kali kali-rolling main non-free contrib
deb-src http://http.kali.org/kali kali-rolling main non-free contrib
If your sources.list file does not contain these two lines, which are the official Kali Linux repositories, you can use a file editor to make the correct changes. The following example is how to make changes using a program called Gedit.
[email protected]:~# gedit /etc/apt/sources.list
Step 5. Update the Kali Linux Packages
Next, you will want to make sure you have the latest software packages. This may take a while depending on your connection speeds.
[email protected]:~# sudo apt update
Step 6. (Optional) Upgrade the Kali Linux Packages
There may be a time where you may want to view the list of upgradeable packages, upgrade one package at a time, or upgrade all the packages at once. To view the packages that are scheduled for an update, type:
[email protected]:~# sudo apt list --upgradeable
To upgrade one package at a time, type:
[email protected]:~# sudo apt install [Package Name]
To upgrade all the packages at once type:
[email protected]:~# sudo apt upgrade -y
Step 7. (Optional) Change the Password
Again, as a standard security practice, it is recommended that you change your “root” (Administrator) password. The default account is root and the default password, unless you created a new one installing from the .iso file, is toor. From a terminal and while logged in as root type passwd and follow the prompts to change the password.
[email protected]:~# passwd
Step 8. (Optional) Change the Default SSH Keys
To better protect your ssh sessions it is recommended that you change the default keys. You can first create a folder to hold a back up copy of your current keys and then move the current keys to the backup folder.
[email protected]:~# mkdir /etc/ssh/backup-keys
[email protected]:~# mv /etc/ssh/ssh_host_* /etc/ssh/backup-keys
Now you can create a new set of ssh keys with the following command:
[email protected]:~# dpkg-reconfigure openssh-server
Step 9. Configure the Metasploit Database
There are additional options to fine-tune and help secure your instance of Kali Linux. You can find some tips by searching “Things to do after installing Kali Linux.” For now, it is recommended that you have the Metasploit Database up and running in Kali. The database will help keep all of your scans, vulnerabilities, exploits, and identified credentials/passwords in one place.
A few services are required depending on what version of Kali you have. For older versions, you will need to start the PostgreSQL and Metasploit services. For newer versions, you will only need to start the PostgreSQL service.
Here are the common commands needed to ensure your database is working with a fresh Kali Linux install.
# msfdb init
# service postgresql start
msf > workspace
At this point you should see a * Default workspace. If you have used Kali before then you may be able to skip the first two commands. If the default workspace appears in any capacity after typing msfconsole and workspace, then you are ready for the workshop(s).
Step 10. Make the PostgreSQL Service Persistent
Lastly, it is a good idea to have the PostgreSQL service remain persistent (start on boot).
# update-rc.d postgresql enable
If you prefer not to install Kali, all of the primary tools can be installed separately from the following locations:
You can check out the following references to gain familiarization with terms and topics you will hear in class.